INFO("Unshared CLONE_NEWNET");
}
- /* Tell the parent task it can begin to configure the container and wait
- * for it to finish.
- */
- if (!lxc_sync_barrier_parent(handler, START_SYNC_CONFIGURE))
- goto out_error;
-
- if (handler->ns_clone_flags & CLONE_NEWNET) {
- ret = lxc_network_recv_from_parent(handler);
- if (ret < 0) {
- ERROR("Failed to receive veth names from parent");
- goto out_warn_father;
- }
- }
-
/* If we are in a new user namespace, become root there to have
* privilege over our namespace.
*/
}
}
- /* Ask father to setup cgroups and wait for him to finish. */
- if (!lxc_sync_barrier_parent(handler, START_SYNC_CGROUP))
+ /*
+ * Tell the parent task it can begin to configure the container and wait
+ * for it to finish.
+ */
+ if (!lxc_sync_wake_parent(handler, START_SYNC_CONFIGURE))
goto out_error;
/* Unshare cgroup namespace after we have setup our cgroups. If we do it
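Review bot: The re-added comment above `lxc_sync_wake_parent(handler, START_SYNC_CONFIGURE)` still says "and wait for it to finish", but going by its name this call only wakes the parent. The wait is the separate `lxc_sync_wait_parent(handler, START_SYNC_POST_CONFIGURE)` added in the next hunk. Between the two, the child reaches the cgroup-namespace unshare described by the trailing context comment, which is only correct if the parent has finished cgroup setup before it releases `START_SYNC_STARTUP`; the parent-side hunk that moves `lxc_sync_barrier_child(handler, START_SYNC_STARTUP)` below `chown` appears to arrange that. I would reword the comment to `/* Tell the parent it can begin to configure the container; we wait for it at START_SYNC_POST_CONFIGURE, after the cgroup namespace unshare. */` so the dependency is written down. The enclosing function starts and ends outside the hunk.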
}
}
+ if (!lxc_sync_wait_parent(handler, START_SYNC_POST_CONFIGURE))
+ goto out_warn_father;
+
/* Setup the container, ip, names, utsname, ... */
ret = lxc_setup(handler);
if (ret < 0) {
}
}
- if (!lxc_sync_barrier_child(handler, START_SYNC_STARTUP))
- goto out_delete_net;
-
if (!cgroup_ops->setup_limits_legacy(cgroup_ops, handler->conf, false)) {
ERROR("Failed to setup cgroup limits for container \"%s\"", name);
goto out_delete_net;
if (!cgroup_ops->chown(cgroup_ops, handler->conf))
goto out_delete_net;
+ if (!lxc_sync_barrier_child(handler, START_SYNC_STARTUP))
+ goto out_delete_net;
+
/* If not done yet, we're now ready to preserve the network namespace */
if (handler->nsfd[LXC_NS_NET] < 0) {
ret = lxc_try_preserve_namespace(handler, LXC_NS_NET, "net");
}
}
+ if (!lxc_list_empty(&conf->procs)) {
+ ret = setup_proc_filesystem(&conf->procs, handler->pid);
+ if (ret < 0)
+ goto out_delete_net;
+ }
+
+ if (!lxc_list_empty(&conf->limits)) {
+ ret = setup_resource_limits(&conf->limits, handler->pid);
+ if (ret < 0) {
+ ERROR("Failed to setup resource limits");
+ goto out_delete_net;
+ }
+ }
+
/* Tell the child to continue its initialization. */
if (!lxc_sync_wake_child(handler, START_SYNC_POST_CONFIGURE))
goto out_delete_net;
if (handler->ns_clone_flags & CLONE_NEWNET) {
ret = lxc_network_send_to_child(handler);
if (ret < 0) {
- ERROR("Failed to send veth names to child");
+ SYSERROR("Failed to send veth names to child");
goto out_delete_net;
}
}
- if (!lxc_list_empty(&conf->procs)) {
- ret = setup_proc_filesystem(&conf->procs, handler->pid);
- if (ret < 0)
- goto out_delete_net;
- }
-
- if (!lxc_list_empty(&conf->limits)) {
- ret = setup_resource_limits(&conf->limits, handler->pid);
- if (ret < 0) {
- ERROR("Failed to setup resource limits");
- goto out_delete_net;
- }
- }
-
- /*
- * Wait for the child to tell us that it's ready for us to prepare
- * cgroups.
- */
- if (!lxc_sync_wait_child(handler, START_SYNC_CGROUP))
- goto out_delete_net;
-
- if (!lxc_sync_barrier_child(handler, START_SYNC_CGROUP_UNSHARE))
+ if (!lxc_sync_wait_child(handler, START_SYNC_IDMAPPED_MOUNTS))
goto out_delete_net;
ret = lxc_idmapped_mounts_parent(handler);
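Review bot: Nothing in this hunk records why the `setup_proc_filesystem` and `setup_resource_limits` blocks now sit ahead of `lxc_sync_wake_child(handler, START_SYNC_POST_CONFIGURE)`. Presumably the intent is that `handler->pid` has its proc settings and resource limits before the child is released, and a later reorder could silently undo that. A short comment above the first block, for example `/* Apply proc settings and rlimits before the child is woken at START_SYNC_POST_CONFIGURE. */`, would pin it. The `setup_proc_filesystem` failure path also jumps to `out_delete_net` without a message, while the limits path logs `ERROR("Failed to setup resource limits")`; unless the helper logs on its own (not visible here), add `ERROR("Failed to setup proc filesystem");`. The enclosing function continues outside the hunk.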
}
TRACE("Set up cgroup2 device controller limits");
+ cgroup_ops->finalize(cgroup_ops);
+ TRACE("Finished setting up cgroups");
+
+ /* Run any host-side start hooks */
+ ret = run_lxc_hooks(name, "start-host", conf, NULL);
+ if (ret < 0) {
+ ERROR("Failed to run lxc.hook.start-host");
+ goto out_delete_net;
+ }
+
+ if (!lxc_sync_wake_child(handler, START_SYNC_FDS))
+ goto out_delete_net;
+
if (handler->ns_unshare_flags & CLONE_NEWCGROUP) {
/* Now we're ready to preserve the cgroup namespace */
ret = lxc_try_preserve_namespace(handler, LXC_NS_CGROUP, "cgroup");
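Review bot: With `lxc_sync_wake_child(handler, START_SYNC_FDS)` moved up here, the child is released before the parent preserves the cgroup namespace in the block that follows and the time namespace in the next hunk's context. The `start-host` hook likewise now runs before those namespace fds are recorded. The hunk gives no reason why this is safe; it presumably relies on the child having already unshared by the time it signals `START_SYNC_IDMAPPED_MOUNTS` and staying alive until `lxc_sync_fds_parent`, but the child side is outside this hunk. If that holds, a comment above the wake such as `/* The child unshared before START_SYNC_IDMAPPED_MOUNTS; the namespace fds preserved below do not need it to be blocked. */` would document it. If it does not hold, the wake should stay after the last `lxc_try_preserve_namespace` call.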
}
}
- cgroup_ops->finalize(cgroup_ops);
- TRACE("Finished setting up cgroups");
-
if (handler->ns_unshare_flags & CLONE_NEWTIME) {
/* Now we're ready to preserve the time namespace */
ret = lxc_try_preserve_namespace(handler, LXC_NS_TIME, "time");
}
}
- /* Run any host-side start hooks */
- ret = run_lxc_hooks(name, "start-host", conf, NULL);
- if (ret < 0) {
- ERROR("Failed to run lxc.hook.start-host");
- goto out_delete_net;
- }
-
- if (!lxc_sync_wake_child(handler, START_SYNC_FDS))
- goto out_delete_net;
-
ret = lxc_sync_fds_parent(handler);
if (ret < 0) {
SYSERROR("Failed to sync file descriptors with child");
START_SYNC_STARTUP = 0,
START_SYNC_CONFIGURE = 1,
START_SYNC_POST_CONFIGURE = 2,
- START_SYNC_CGROUP = 3,
- START_SYNC_CGROUP_UNSHARE = 4,
- START_SYNC_IDMAPPED_MOUNTS = 5,
- START_SYNC_CGROUP_LIMITS = 6,
- START_SYNC_FDS = 7,
- START_SYNC_READY_START = 8,
- START_SYNC_RESTART = 9,
- START_SYNC_POST_RESTART = 10,
+ START_SYNC_IDMAPPED_MOUNTS = 3,
+ START_SYNC_CGROUP_LIMITS = 4,
+ START_SYNC_FDS = 5,
+ START_SYNC_READY_START = 6,
+ START_SYNC_RESTART = 7,
+ START_SYNC_POST_RESTART = 8,
};
enum /* attach */ {
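Review bot: The renumbered `START_SYNC_*` values are written out by hand, and every entry after `START_SYNC_POST_CONFIGURE` had to be edited to close the gap left by the two removed states, yet the enum carries no comment saying the numbering matters. If the sync helpers derive the next expected state arithmetically (for example a barrier that waits for `sequence + 1`; that code is not on this page), the values must stay consecutive and in handshake order. I would add `/* Exchanged between parent and child; values must stay consecutive and in handshake order. */` above the first enumerator. The enum's opening line is outside the hunk.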